﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Data;
using System.Data.SqlClient;

namespace MusicAcademy
{
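    class UserManager
    {
        /// <summary>
        /// Authenticates a user against the [User] table and, on success, stores the
        /// matched identity in <see cref="Program.userID"/>, <see cref="Program.academyID"/>
        /// and <see cref="Program.isAdmin"/>.
        /// </summary>
        /// <param name="UserName">Login name compared against User.userName.</param>
        /// <param name="Password">Clear-text password as entered by the user.</param>
        /// <returns><c>true</c> when a matching row exists; <c>false</c> otherwise.</returns>
        /// <exception cref="ArgumentNullException">Thrown when either argument is null.</exception>
        /// <remarks>
        /// SECURITY: the credential stored in User.password is <c>string.GetHashCode()</c> of the
        /// password. That is not a cryptographic hash: it is fast, unsalted, only 32 bits wide, and
        /// on .NET Core / .NET 5+ it is randomised per process, so logins would break after a
        /// runtime change. Replacing it (e.g. with a salted PBKDF2 via Rfc2898DeriveBytes) requires
        /// re-hashing every stored password, so this method keeps the existing scheme and only
        /// fixes resource handling. Treat this as an open finding, not as an accepted design.
        /// </remarks>
        public static bool Login(string UserName, string Password)
        {
            if (UserName == null)
                throw new ArgumentNullException("UserName");
            if (Password == null)
                throw new ArgumentNullException("Password");

            // using-blocks close the reader and the connection even when ExecuteReader/Read
            // throws; the original left both open on any SqlException.
            using (SqlConnection con = new SqlConnection(Properties.Settings.Default.MusicAcademyConnectionString))
            using (SqlCommand com = con.CreateCommand())
            {
                com.CommandType = CommandType.Text;
                com.CommandText = "SELECT ID, isAdmin, academyID FROM [User] WHERE userName=@userName AND password=@password";
                com.Parameters.AddWithValue("@userName", UserName);
                // Legacy scheme: the column holds string.GetHashCode() of the password (see remarks).
                com.Parameters.AddWithValue("@password", Password.GetHashCode());

                con.Open();
                using (SqlDataReader dreader = com.ExecuteReader())
                {
                    if (!dreader.Read())
                    {
                        return false;
                    }

                    // Only the first matching row is used, exactly as before.
                    Program.academyID = Convert.ToInt32(dreader["academyID"]);
                    Program.userID = Convert.ToInt32(dreader["ID"]);
                    Program.isAdmin = Convert.ToBoolean(dreader["isAdmin"]);
                    return true;
                }
            }
        }

        /// <summary>
        /// Checks whether the logged-in user (<see cref="Program.userID"/>) may perform
        /// <paramref name="Operation"/> on the form <paramref name="FormName"/>.
        /// Administrators (<see cref="Program.isAdmin"/>) are granted access without a database round trip.
        /// </summary>
        /// <param name="FormName">Value of Form.formName to look up.</param>
        /// <param name="Operation">
        /// Suffix of the UserAccess permission column to test, i.e. the column <c>Can{Operation}</c>.
        /// A column name cannot be passed as a SQL parameter, so it is spliced into the statement
        /// text; it therefore must be a plain identifier (ASCII letters, digits, underscore) and
        /// anything else is rejected before any SQL is executed.
        /// </param>
        /// <returns><c>true</c> when an allowing UserAccess row exists; <c>false</c> otherwise.</returns>
        /// <exception cref="ArgumentNullException">Thrown when either argument is null.</exception>
        /// <exception cref="ArgumentException">
        /// Thrown when <paramref name="Operation"/> is empty or contains characters other than
        /// ASCII letters, digits or '_'.
        /// </exception>
        /// <remarks>
        /// Side effect kept from the original: an unknown <paramref name="FormName"/> is inserted
        /// into Form so that access rows can later reference it. Because of that, callers should
        /// pass only form names the application itself defines, never user-supplied text.
        /// </remarks>
        public static bool HasAccess(string FormName, string Operation)
        {
            // Admin short-circuit stays first so existing admin callers see no change.
            if (Program.isAdmin)
                return true;

            if (FormName == null)
                throw new ArgumentNullException("FormName");
            if (Operation == null)
                throw new ArgumentNullException("Operation");
            // Injection guard: Operation becomes part of a column identifier in the SQL below.
            if (!IsSafeIdentifier(Operation))
                throw new ArgumentException("Operation must contain only ASCII letters, digits or '_'.", "Operation");

            using (SqlConnection con = new SqlConnection(Properties.Settings.Default.MusicAcademyConnectionString))
            using (SqlCommand com = con.CreateCommand())
            {
                com.CommandType = CommandType.Text;
                con.Open();

                com.CommandText = "SELECT ID FROM Form WHERE formName=@formName";
                com.Parameters.AddWithValue("@formName", FormName);

                bool formExists;
                using (SqlDataReader dreader = com.ExecuteReader())
                {
                    formExists = dreader.HasRows;
                }
                if (!formExists)
                {
                    // Register the form so that UserAccess rows can be attached to it later.
                    com.CommandText = "INSERT INTO Form (formName) VALUES (@formName)";
                    com.ExecuteNonQuery();
                }
                com.Parameters.Clear();

                // Operation was validated above; the brackets additionally keep it a single
                // identifier token. formName and userID remain real parameters.
                com.CommandText =
                    "SELECT UserAccess.ID FROM UserAccess INNER JOIN Form ON Form.ID=UserAccess.formID " +
                    "WHERE formName=@formName AND userID=@userID AND [Can" + Operation + "]=1";
                com.Parameters.AddWithValue("@formName", FormName);
                com.Parameters.AddWithValue("@userID", Program.userID);

                using (SqlDataReader dreader = com.ExecuteReader())
                {
                    // Any row means the permission flag is set for this user and form.
                    return dreader.Read();
                }
            }
        }

        /// <summary>
        /// Returns <c>true</c> when <paramref name="value"/> is non-empty and consists only of
        /// ASCII letters, digits or underscores — the only characters allowed into a column
        /// name that is built by string concatenation.
        /// </summary>
        /// <param name="value">Candidate identifier fragment.</param>
        private static bool IsSafeIdentifier(string value)
        {
            if (string.IsNullOrEmpty(value))
                return false;

            foreach (char c in value)
            {
                bool allowed =
                    (c >= 'A' && c <= 'Z') ||
                    (c >= 'a' && c <= 'z') ||
                    (c >= '0' && c <= '9') ||
                    c == '_';
                if (!allowed)
                    return false;
            }
            return true;
        }
    }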
}
